LineageOS for microG

The full Android experience without Google Apps
LineageOS for microG: December 2025 security issues
At 09:25 GMT on Monday 8th December 2025, the project was informed, by XDA Forums user j4nn, in an XDA Forums Private Message, about a security issue affecting the project, and its download server (which also serves the front page of the project website).
Update Mon 22 December: Resuming builds
We have now completed the tasks that were needed to recover from these security issues:
- our website and download server are running on a new cloud VM, rebuilt from scratch, with a new storage volume attached, and with access controlled by newly created and deployed ssh keys;
- our build servers are using a new set of package signing keys to sign the builds we make and publish.
We believe we are ready to start making new builds, and making them available for download. That will start after one more review by the team of what we have done so far.
Builds for all devices should appear over the coming days, as each build is made. Making builds for all the current officially supported devices (Lineage 23.0 and 22.3 branches) should take around 3 weeks, if all goes well. They will be followed by builds for ‘legacy’ devices (21.1, 20.0 and 18.1 branches), and we hope that a ‘full set’ of LineageOS for microG builds will be available in roughly one month’s time.
These builds will appear as updates available in the Updater app. They can be downloaded in the Updater app, but when the download completes, a message will appear at the bottom of the screen saying “Update verification failed” due to the new build signing key. Additionally, if you manually download the update and attempt to install it using the Updater app, you will receive the message “Failed to import local update”. In short, the new builds cannot be installed in the Updater app. If for any reason the Updater app does not prevent you from attempting to install using it - even though we have not seen this in our testing - be warned that your data could be corrupted, making it necessary to factory reset / format data.
Installing the new builds
Do not try to install the new build using the Updater app
We recommend installing these new builds by following these steps:
- Take a backup, using SeedVault and / or Android Backup Project (if you have access to a Linux machine, real or virtual). This should not be necessary, but it’s a useful step ‘just in case’.
- Download the new build zip file from the Download server, or by getting the download URL from the “3 dots –> Copy URL” option next to the newly advertised build in the Updater app.
- Boot your device into recovery, and flash the new ROM zip file using adb sideload on your computer. Detailed instructions for these steps are available from the LineageOS installation instructions for your device (which can be found by following the links from their ‘Devices’ wiki page). The recovery will report “Signature verification failed: Install anyway?” Choose “Yes” as it is understood the new build uses a different signing key than the old builds.
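Because the recovery will report “Signature verification failed” for every build signed with the new key, that prompt no longer tells you whether the zip you are about to flash is the project's. The following script is an added example, not code from the LineageOS for microG project: it reads the PKCS#7 signature block that AOSP's signapk stores at META-INF/CERT.RSA inside an OTA zip, pulls out the embedded X.509 certificate(s) and prints their SHA-256 fingerprints, so you can compare them with the fingerprint the project publishes for its new key before choosing “Install anyway”. EXPECTED_FINGERPRINT is a placeholder, and the sample zip the script builds when run without arguments is constructed test data.

```python
"""Fingerprint the certificate that signed an OTA zip before sideloading it.

Added example; it is not part of the LineageOS for microG project or its
tooling. It assumes the package carries a PKCS#7 signature block at
META-INF/CERT.RSA (the name AOSP's signapk uses for an RSA key) and walks
the DER only far enough to reach the X.509 certificate(s) inside it.
EXPECTED_FINGERPRINT is a placeholder: put the value the project publishes
for its new signing certificate there.
"""
import hashlib
import io
import sys
import zipfile

EXPECTED_FINGERPRINT = "<sha256-of-the-projects-new-signing-certificate>"  # placeholder


def _tlv(buf, pos):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end).
    Single-byte tags only, which is all PKCS#7 SignedData needs."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _tlv(buf, pos)
        yield tag, pos, vstart, vend
        pos = vend


def certificates_from_pkcs7(der):
    """Return the raw DER of every certificate in a PKCS#7 SignedData blob."""
    _, ci_start, ci_end = _tlv(der, 0)                          # ContentInfo SEQUENCE
    explicit = next(c for c in _children(der, ci_start, ci_end) if c[0] == 0xA0)
    _, _, sd_start, sd_end = next(_children(der, explicit[2], explicit[3]))  # SignedData SEQUENCE
    certs = []
    for tag, _, vstart, vend in _children(der, sd_start, sd_end):
        if tag == 0xA0:                                         # certificates [0] IMPLICIT
            certs += [der[s:e] for t, s, _, e in _children(der, vstart, vend) if t == 0x30]
    return certs


def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()


def ota_signer_fingerprints(zip_source):
    """SHA-256 fingerprints of the signer certificate(s) in an OTA zip (path or file object)."""
    with zipfile.ZipFile(zip_source) as z:
        der = z.read("META-INF/CERT.RSA")
    return [fingerprint(c) for c in certificates_from_pkcs7(der)]


def check_ota(zip_source, expected=EXPECTED_FINGERPRINT):
    """True only when exactly one certificate signed the package and it is the expected one."""
    return ota_signer_fingerprints(zip_source) == [expected.lower()]


# ---- constructed sample data so the script runs without a real build ----
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


SAMPLE_CERT = _der(0x30, _der(0x02, b"\x01") + _der(0x13, b"constructed, not a real certificate"))


def build_sample_ota_zip():
    """In-memory zip whose CERT.RSA is a minimal PKCS#7 SignedData wrapping SAMPLE_CERT."""
    signed_data = _der(0x30, _der(0x02, b"\x01")                                # version
                       + _der(0x31, b"")                                         # digestAlgorithms
                       + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"))  # contentInfo (id-data)
                       + _der(0xA0, SAMPLE_CERT)                                # certificates
                       + _der(0x31, b""))                                        # signerInfos (empty here)
    pkcs7 = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")     # id-signedData
                 + _der(0xA0, signed_data))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", pkcs7)
        z.writestr("META-INF/com/android/metadata", "ota-type=AB\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    source = sys.argv[1] if len(sys.argv) > 1 else build_sample_ota_zip()
    for fp in ota_signer_fingerprints(source):
        print(fp)
    print("signer matches expected key" if check_ota(source)
          else "signer does NOT match expected key; do not flash")
```

Run it as `python3 ota_signer.py lineage-xx.x-...-microG-device.zip` against the downloaded file; `check_ota` deliberately requires exactly one certificate, so a package carrying an extra, unknown signer is reported as a mismatch rather than passed. The sample zip built by `build_sample_ota_zip` exists only so the parser can be exercised offline; its certificate is not a real one.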
Apex signing issue is not fixed
While working on these security issues, we looked at the possibility of fixing the previously reported Apex signing vulnerability. Unfortunately, fixing that issue would have taken significantly more time and effort, and would have involved further inconvenience for our users. We still believe that the risk to users of our ROMs from that issue in day to day usage of our ROMs is minimal, so we decided not to try to fix it alongside these issues. That issue is therefore still unresolved, and likely to remain so for some time.
TL;DR
The project had a security problem - project private keys were visible in a publicly visible online git repository. This issue potentially
- affected the reliability and integrity of the download server and the files it made available for download and OTA update
- allowed an attacker to make a build and sign it with compromised signing keys, so that the build would appear to have been made by the project.
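The root cause above, private keys committed to a publicly visible git repository, is something a maintainer can check for mechanically before pushing. The script below is an added example, not tooling from the LineageOS for microG project: it flags the file types that carry Android build and deployment keys (PEM private-key blocks including OpenSSH keys, the .pk8 DER files produced by the AOSP signing scripts, Java keystores and PKCS#12 bundles) across a working tree or, because a key deleted in a later commit is still in the history, across every blob reachable from any ref. The SAMPLE_FILES it scans when run without arguments are constructed and contain no real key.

```python
"""Find committed signing-key material in a repository before it reaches a public host.

Added example, not part of the LineageOS for microG project or its tooling.
It flags the file types that carry Android build and deployment keys: PEM
private-key blocks (RSA, EC, OpenSSH), the .pk8 DER files that the AOSP
signing scripts produce, Java keystores and PKCS#12 bundles. It can scan a
working tree or, because a key deleted in a later commit is still in the
history, every blob reachable from any ref. SAMPLE_FILES are constructed
for the example and contain no real key.
"""
import os
import re
import subprocess

PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
KEY_FILE_SUFFIXES = (".pk8", ".jks", ".keystore", ".p12", ".pfx")
SSH_KEY_NAMES = ("id_rsa", "id_dsa", "id_ecdsa", "id_ed25519")


def _der_payload_start(buf):
    """Offset of the first element inside a DER SEQUENCE, or None if buf is not one."""
    if len(buf) < 2 or buf[0] != 0x30:
        return None
    length = buf[1]
    return 2 + (length & 0x7F) if length & 0x80 else 2


def looks_like_der_private_key(buf):
    """Unencrypted PKCS#8 and PKCS#1 keys both open with SEQUENCE { INTEGER 0, ... };
    certificates and public keys open with a nested SEQUENCE, so they do not match."""
    start = _der_payload_start(buf)
    return start is not None and buf[start:start + 3] == b"\x02\x01\x00"


def classify(path, content):
    """Return why the file looks like private-key material, or None if it does not."""
    name = os.path.basename(path)
    if PEM_PRIVATE_KEY.search(content):
        return "PEM private key block"
    if name.endswith(KEY_FILE_SUFFIXES):
        return "key-material file extension " + os.path.splitext(name)[1]
    if name in SSH_KEY_NAMES:
        return "ssh private key filename"
    if looks_like_der_private_key(content):
        return "DER-encoded private key"
    return None


def scan_files(files):
    """files: iterable of (path, bytes). Returns [(path, reason)] for every suspect entry."""
    findings = []
    for path, content in files:
        reason = classify(path, content)
        if reason:
            findings.append((path, reason))
    return findings


def walk_tree(root):
    """Yield (relative path, content) for every regular file under root, skipping .git."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as f:
                yield os.path.relpath(full, root), f.read()


def walk_git_history(repo):
    """Yield (path, content) for every blob reachable from any ref (needs the git CLI)."""
    def git(*args, **kw):
        return subprocess.run(["git", "-C", repo, *args], check=True, capture_output=True, **kw).stdout
    for line in git("rev-list", "--objects", "--all", text=True).splitlines():
        sha, _, path = line.partition(" ")
        if path and git("cat-file", "-t", sha, text=True).strip() == "blob":
            yield path, git("cat-file", "blob", sha)


# ---- constructed sample repository contents (no real keys) ----
SAMPLE_FILES = [
    ("README.md", b"# build notes\nnothing sensitive here\n"),
    ("keys/releasekey.x509.pem", b"-----BEGIN CERTIFICATE-----\nconstructed-placeholder\n-----END CERTIFICATE-----\n"),
    ("keys/releasekey.pk8", b"\x30\x82\x04\xbd\x02\x01\x00\x30\x0d\x06\x09"),
    ("deploy/id_ed25519", b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed-placeholder\n-----END OPENSSH PRIVATE KEY-----\n"),
    ("config/rsync.key", b"\x30\x82\x04\xa4\x02\x01\x00\x02\x82\x01\x01"),
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        root = sys.argv[1]
        files = walk_git_history(root) if os.path.isdir(os.path.join(root, ".git")) else walk_tree(root)
    else:
        files = SAMPLE_FILES
    for path, reason in scan_files(files):
        print(f"{path}: {reason}")
```

Note that the public certificate (`releasekey.x509.pem`) is correctly left alone: it is the `.pk8` beside it, and the ssh and rsync keys, that must never be committed. Scanning the working tree is enough as a pre-push hook; once a key has reached a public remote, only the history walk tells you how long it has been exposed, and the key must be treated as compromised regardless of whether the commit is later removed.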
1. Potential unauthorised access to the download server
As soon as we were able, we stopped the server from serving content for downloads and OTA update, removed existing files, revoked the compromised rsync key, and installed a new one. The website is now being served from a new server and the old server has been taken offline. The server is still online, serving the website.
We do not believe that the server was ever actually compromised, but we cannot guarantee that. So we are in the process of building from scratch and testing a new server, which we will know to be trustworthy. Once this comes online, we can be confident that files made available on the new server can be trusted. We believe that the actions we have taken, and plan to take in the future, are proportionate to the scale of - and the potential threats posed by - the problem, and sufficient to ensure that users can safely install the files that will be made available on the new server.
Please read this section of the wiki for more information on this possible risk
2. Potential malicious builds signed with project keys
An attacker could have made a malicious build, and signed it using the compromised signing keys, so that the malicious build would effectively be signed with the project keys, and therefore appear trustworthy. We are not aware of any such builds:
- being uploaded to the download server
- being circulated elsewhere
Please read this section of the wiki for more information on this possible risk
3. Is my phone compromised?
In the view of the project maintainers, if you installed the build from the download server (either manually or via OTA), then almost certainly not. Please read this section of the wiki
4. Questions and clarifications
The project maintainers do not have the ‘bandwidth’ to engage in online discussion about this issue. We will however
- monitor any questions and comments about it in our communication channels (primarily the XDA Forum thread and this issue in our github issue tracker, but also on the IodéOS community forums, and the microG Matrix room #microG:matrix.org);
- periodically update this document, answering any questions and requests for clarification that have come up in those channels;
- post notifications in those channels of changes to this document and any other relevant events.
About
LineageOS for microG is a custom Android ROM which integrates the following components:
- The LineageOS Android Distribution: a free and open-source operating system for various devices, based on the Android mobile platform.
- microG: a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries, enabling the use of every Google service you need without keeping another closed-source binary blob in your Android system.
- The F-Droid App store: an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. You can use it to access plenty of FOSS applications or even the Play Store via Aurora Store.
Project Objectives
1. Make regular builds of our ROM for all the phones and tablets currently supported officially by LineageOS;
2. Make the builds available for download for manual and OTA installation;
3. Create and maintain the tools and computing resources needed to achieve 1 & 2.
A secondary objective is to make our main build tool available for other projects and individuals to use to make and maintain their own builds:
- of LineageOS for microG, ‘vanilla’ LineageOS, and / or other LineageOS-based custom ROMs (e.g. IodéOS);
- for other devices, whether or not officially supported by those projects.
Project Status
The project is currently in a fairly stable state:
- we are (mostly) achieving our objective of delivering monthly builds
- the only essential work that is ongoing is to
- monitor the delivery process, to fix any problems that may occur, and to make any changes that are needed to ensure that the problems do not recur
- to make any changes needed when upstreams make changes. In particular, when LineageOS introduces support for a new Android version and / or drops support for older Android versions
The project is therefore - in the opinion of the currently active maintainers - essentially ‘feature complete’ and in ‘maintenance’ mode. The only change that we believe might significantly improve the project is to support other classes of Android devices, specifically
- (Now mostly supported) Minimal & Android TV devices
- Treble-capable devices which are not officially supported by LOS. As has recently been suggested, building for the lineage_gsi target would make our builds available for and usable on these devices.
Project Deliverables
- The device-specific ROM zip files, for manual and OTA installation: made available in sub-directories on the download server
- Other device-specific zip and .img files that are needed for installing or updating the ROM zip file (e.g. boot.img, recovery.img): also made available on the download server
- The Docker image used to make the builds: made available on DockerHub
- Documentation
  - The main project wiki
  - The Docker image README.md and wiki
Project Priorities
There are always changes that could be made to the project: any project can always be “improved” in some way. When any changes are suggested, we will make decisions about them according to where they fit in the following “spectrum” of priority and importance:
- Must be changed. Not changing them means we cannot deliver our key objectives e.g.
- we cannot make our builds e.g. because our build tools are failing, our build servers are unavailable or out of service;
- we cannot make the builds available for download e.g because the download server is unavailable or out of disk space
- the builds don’t run e.g. the recent bootloop or flashing problems
- Should be changed. Changing them will significantly
- improve the quality of our deliverables (builds, tools, documentation)
- make life easier for users of our deliverables
- make life easier for project maintainers
- Could be fixed. Fixing them may
- slightly improve quality, but take a lot of effort
- add new functionality (to our tools or to our builds) which is ‘nice to have’ but not essential e.g. keeping old builds available after official support has ended
- ‘scratch an itch’ for the project maintainers: e.g. changing the Docker image so that it can make builds of IodéOS or other custom ROMs based on lineageos4microg.
- Should not be changed
- change has limited benefit (for deliverable quality, for users, for project maintainers), but high cost / effort, or high risk
- change has no benefit
Decisions about such changes are likely to be subjective: things like ‘quality’ or ‘risk’ can sometimes be very hard to define or to agree on. For the most part though, decisions on where a change lies on this spectrum are usually quite clear, to the project maintainers at least. 😄
Build Targets and Frequency
We make LineageOS for microG builds for the same devices as LineageOS using their list of build targets as the input to our build run.
We aim to make builds monthly, and we (usually) start a ‘build run’ on the first day of the month. The devices included in a build run are defined by the content of the LineageOS target list at the point the build run starts. Our monthly build run takes 20-25 days to complete. The progress of the build run is published in a dedicated matrix room
If builds for any devices fail during a build run, we will try the build again after the main build run has completed. If you do not see a new build for your device when you expect it, please check whether the build failure was reported in the matrix room. If it was, there is no need to report it - we will deal with it! If the failure was not reported in the matrix room, then please report it in the docker-lineage-cicd project issue tracker or in the XDA Forums thread
Building branches no longer built by LineageOS
The LineageOS project (LOS) make regular builds of the two branches that correspond to the two latest supported Android versions. For example, in September 2025 LOS are making regular builds of their lineage-21.1 (Android 14) and lineage-22.2 (Android 15). Once regular builds of the lineage-23.0 (Android 16) branch start being made, the builds of the lineage-21.1 branch will stop, so that any devices that are ‘stuck’ on that branch will no longer receive updates. Until recently
However many of the fixes in these branches are ‘back-ported’ to earlier branches: for example the lineage-20.0 (Android 13) and lineage-18.1 (Android 11) branches have both had several fixes merged since the last official LOS builds.
This project currently has a certain amount of unused capacity on our build servers, so we have decided to use some of that capacity to make builds of both LineageOS for microG (L4M) and ‘normal’ LineageOS without microG (referred to from here on as ‘vanilla LOS*’, or just ‘LOS’), using these branches. In our October 2025 build run we made lineage-20.0 builds for the following devices: billie, flashlmdd, mh2lm, nx611j, onclite, racer.
L4M builds of these branches should appear as OTA updates. ‘Vanilla’ LOS builds will have to be installed manually from recovery / adb sideload**.
We plan to continue to do this as often as we can. The frequency of these builds will vary depending on available capacity on the project’s build servers, and the number of changes made in a branch since the last build.
(* The word ‘vanilla’ is used here with the meaning ‘ordinary, with no special or extra features’.)
(** For now at least. OTA updates for these ‘vanilla’ LOS builds is on the ToDo list)
Builds including the Play Integrity Patch
In September 2025 the project started to include a patch which improved the Play Integrity performance of our builds, allowing some apps to work which had previously not worked. Unfortunately the patch also caused a small number of apps which had worked fine without the patch to stop working (See here and here). We therefore decided to alternate our monthly build runs between building with and without the patch.
Most users (who don’t use apps that either need or are broken by the PI patch) should not be affected by the patch, and can safely install any OTA update that arrives in the Updater app.
There are two groups of users who are affected by builds including the Play Integrity patch:
- Users who use the Nationwide UK banking and (possibly) Revolut apps (or any other app that did not work before we included the PI patch in our build). These users are currently better off than they were: these apps will now work, and will continue to work so long as users take care when receiving OTA updates to not install an update where the filename includes the text NO-PI-PATCH;
- Users who use Deutsche Bank Photo Tan or Triodos Bank apps (NL & UK). These users are slightly worse off than they were. They need to take care when receiving OTA updates to only install an update where the filename includes the text NO-PI-PATCH.
Unresolved security issue
An issue has been raised in our issue tracker that APEX files are signed with test keys rather than with the project’s own signing keys. This creates a vulnerability that has been present in our ROMs since LineageOS 19 builds. Having investigated this issue, the project maintainers believe that:
- according to this description of the vulnerability, it seems that it is a very small attack surface: the attacker must have physical access to the device and to a computer authorised for debugging, all without the knowledge of the device owner;
- the risk to users of our ROMs in day to day usage of our ROMs is minimal;
- fixing the issue for all our users would involve the implementation, testing and distribution of a ‘migration script’ to run on approximately 250 devices;
- the project does not have the time or resources to do that, though we would welcome anyone who could help with this or with another means of fixing the issue.
So the issue is currently not fixed, and will not be fixed unless there is an easy ‘system-wide’ fix that will prevent / disable updating APEXs separately from updating the whole ROM.
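What a user or maintainer can do while the issue stays open is at least see which key each APEX on a device is signed with. The script below is an added example, not tooling from the LineageOS for microG project, and assumes the APEX layout used by AOSP: each package is a zip whose payload image is verified against the public key stored in the entry apex_pubkey, and a compressed APEX (.capex) wraps the original package in an entry named original_apex. A module signed with the AOSP test keys therefore carries the test public key rather than the project's own, so fingerprinting that entry for every package under a directory (for example /system/apex copied off a device with adb pull) and comparing against an allow-list of the project's real keys shows exactly which modules are affected. PROJECT_APEX_KEY_FINGERPRINTS is a placeholder, and the sample packages built in the block are constructed, with placeholder key bytes rather than real AVB keys.

```python
"""Audit the APEX packages of a device image by the key that signs their payload.

Added example, not part of the LineageOS for microG project or its tooling.
An APEX is a zip; its payload image is verified against the public key
stored in the entry apex_pubkey, and a compressed APEX (.capex) wraps the
original package in an entry named original_apex. The script fingerprints
that key for each package in a directory and reports every package whose
key is not on the allow-list. PROJECT_APEX_KEY_FINGERPRINTS is a
placeholder for the fingerprints of the keys the project actually uses.
"""
import hashlib
import io
import os
import sys
import zipfile

PROJECT_APEX_KEY_FINGERPRINTS = {"<sha256-of-the-projects-apex-public-key>"}  # placeholder


def apex_pubkey(source):
    """Return the raw AVB public key that verifies the APEX payload (path or file object)."""
    with zipfile.ZipFile(source) as z:
        if "original_apex" in z.namelist():            # compressed APEX: recurse into the inner zip
            return apex_pubkey(io.BytesIO(z.read("original_apex")))
        return z.read("apex_pubkey")


def key_fingerprint(pubkey_bytes):
    return hashlib.sha256(pubkey_bytes).hexdigest()


def audit_apex_files(files, allowed=PROJECT_APEX_KEY_FINGERPRINTS):
    """files: iterable of (name, path-or-file-object).
    Returns {name: (fingerprint, "ok" | "unexpected-key")}."""
    report = {}
    for name, source in files:
        fp = key_fingerprint(apex_pubkey(source))
        report[name] = (fp, "ok" if fp in allowed else "unexpected-key")
    return report


def audit_apex_dir(directory, allowed=PROJECT_APEX_KEY_FINGERPRINTS):
    """Audit every .apex/.capex file in a directory (e.g. one pulled from /system/apex)."""
    files = [(fn, os.path.join(directory, fn)) for fn in sorted(os.listdir(directory))
             if fn.endswith((".apex", ".capex"))]
    return audit_apex_files(files, allowed)


def unexpected(report):
    """Names of packages whose signing key is not on the allow-list, for a quick pass/fail."""
    return sorted(name for name, (_, status) in report.items() if status == "unexpected-key")


# ---- constructed sample packages; the key bytes are placeholders, not real AVB keys ----
def build_sample_apex(pubkey, compressed=False):
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("apex_manifest.pb", b"constructed manifest")
        z.writestr("apex_payload.img", b"constructed payload")
        z.writestr("apex_pubkey", pubkey)
    if not compressed:
        inner.seek(0)
        return inner
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("original_apex", inner.getvalue())
    outer.seek(0)
    return outer


PROJECT_KEY = b"constructed project apex key"
TEST_KEY = b"constructed test key"
SAMPLE_FILES = [
    ("com.example.project-signed.apex", build_sample_apex(PROJECT_KEY)),
    ("com.example.project-signed.capex", build_sample_apex(PROJECT_KEY, compressed=True)),
    ("com.example.test-signed.apex", build_sample_apex(TEST_KEY)),
]
SAMPLE_ALLOWED = {key_fingerprint(PROJECT_KEY)}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = audit_apex_dir(sys.argv[1])
    else:
        report = audit_apex_files(SAMPLE_FILES, SAMPLE_ALLOWED)
    for name, (fp, status) in report.items():
        print(f"{status:15} {fp}  {name}")
    print("packages with unexpected keys:", ", ".join(unexpected(report)) or "none")
```

Every package whose key is not one the project actually controls shows up as `unexpected-key`; on a build affected by the issue described above that will be the modules signed with the AOSP test keys. The allow-list approach means the script does not need a copy of the test keys themselves, only the fingerprints of the project's own.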
Builds for devices no longer supported by LineageOS
When LineageOS stop supporting a device, the last LineageOS for MicroG build will be kept available on our download server
Some builds for devices which were last supported at version lineage-18.1 can be found on the Wayback Machine / Internet Archive
Unofficial builds of IodéOS
The current project maintainers are involved with, and support the aims of the IodéOS project, another privacy respecting Android custom ROM, based on LineageOS for microG. We make regular - usually monthly - unofficial builds of IodéOS for Google Pixel, Sony Xperia, and a small number of other devices. The project has a certain amount of spare capacity on its build and download servers, and we are currently using this capacity to help make and publish these builds.
Project Github repositories
The project has two main public repositories on GitHub:
- docker-lineage-cicd: The Docker image used by the project to make the regular builds, along with a README.md explaining how it can be used. The Docker image is rebuilt and pushed to DockerHub automatically when changes are pushed to the master branch.
- android_vendor_partner_gms: The pre-built components from MicroG, along with makefiles for easy integration in the Android build system. The pre-built components are pulled automatically from the MicroG releases.
Upstreams
The project has two main ‘upstream’ projects:
- LineageOS (website, github repos)
- MicroG (website, github repos)
Like LineageOS, the project also uses ‘TheMuppets’ github and gitlab repos as the source for device-specific vendor binary blobs.
The main work of the project is to integrate the upstream components and build them into the ROM images we make available.
Project Sponsor
Thanks to SysEleven who are generously providing the cloud computing resources the project uses to make and publish our builds, and to host this site.